WSUS Problem
billybob01
Senior MemberMember Posts: 504
in Off-Topic
I am using client side targeting with Group Policy but noticed that all the servers quite rightly showing up in my Servers group that i made but i need to move one server into my Test Group. How can i do this when the Change Membership is greyed out because i am using Group Policy?
Also even though i am using Group Policy i am noticing a lot of clients are in the Unassigned group and i cannot move these either.
Also even though i am using Group Policy i am noticing a lot of clients are in the Unassigned group and i cannot move these either.
Comments
If you are controlling WSUS through Group Policy, that is where you need to make your changes. It's done that way by design. Consider a Domain Admin that wants to make sure that WSUS settings are applied according to his design, but then a server admin decides he wants to do it different, what would be the point of having a nice GPO in place if the server admin could change it?
You need to create a new GPO/OU or modify the current one to make it do what you want. Or don't use Group Policy and do it from the WSUS server.
Have you tried gpupdate /force on the clients? Or is it possible the WSUS SID of the clients are messed up due to the cloning procedure used?
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
You have to create the groups in WSUS first before WSUS puts the clients in the group specified in the GPO. Also, if you have replica servers, the "enable client side targeting" has to be set for EVERY server that has clients reporting to it, not just the master server.
When you click on the name of the server in the WSUS console, do you have any messages on in the pane on the right side regarding clients requesting groups that do not exist?
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...
You may be talking about this:
Resetauthorization Option
WSUS uses a cookie on client computers to store various types of information, including computer group membership when client-side targeting is used. By default this cookie expires an hour after WSUS creates it. If you are using client-side targeting and change group membership, use this option in combination with detectnow to expire the cookie, initiate detection, and have WSUS update computer group membership.
Note that when combining parameters, you can use them only in the order specified as follows:
wuauclt.exe /resetauthorization /detectnow
===========
Stop WSUS Client-Side service (net stop wuauserv)
Go to HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate and delete:
PingID (if listed)
AccountDomainSid
SusClientId
And then restart the WSUS client-side service (net start wuauserv). Then, run wuauclt.exe /resetauthorization /detectnow to force WSUS to get its act together and start over. It'll recreate the keys you deleted with a unique ID, solving the problem.
===========
That wil work. I created a batch script like this:
Check out their hklm\software\policies\microsoft\windows\windows update\ and see what their target group is set to. If there isn't a value there then check your group policy application. If there is a value there, make sure the update server they report to has that group name defined.
Recent: 11/2019 - RHCSA (RHEL 7); 2/2019 - Updated VCP to 6.5 (just a few days before VMware discontinued the re-cert policy...)
Working on: RHCE/Ansible
Future: Probably continued Red Hat Immersion, Possibly VCAP Design, or maybe a completely different path. Depends on job demands...